summaryrefslogtreecommitdiff
path: root/source3/nmbd
AgeCommit message (Collapse)AuthorFilesLines
2000-04-22This is a *big* checkin that may break some things, but implements theJeremy Allison1-3/+8
new open mechanism Andrew & I discussed. config.sub: configure: Included the QNX patch. include/vfs.h: smbd/vfs-wrap.c: smbd/vfs.c: Added ftruncate vfs call (needed). Note that we will also need locking calls in the vfs (to be added). lib/util_unistr.c: nmbd/nmbd_processlogon.c: Fix for NT domain logons causing nmbd to core dump. Also fix for sidsize DOS bug. locking/locking.c: Check value of ret before using it for memdup. printing/printing.c: Convert print_fsp_open to return an allocated fsp. rpc_server/srv_lsa.c: Fix for NT domain logons. I have removed all use of lp_share_modes() from the code (although I left the parameter in the table for backwards compatibility). It no longer makes sense for this to exist. smbd/close.c: Removed lp_share_modes(). smbd/fileio.c: Fixed parameters to unlock_share_entry call in panic code. smbd/files.c: Correctly set the unix_ERR_code to ERRnofids on fsp allocation fail. smbd/nttrans.c: smbd/reply.c: smbd/trans2.c: Changed all occurrences of open_file_shared/open_directory/ open_file_stat to return an fsp from the call. smbd/open.c: Changed all occurrences of open_file_shared/open_directory/ open_file_stat to return an fsp from the call. In addition I have fixed a long standing race condition in the deny mode processing w.r.t. two smbd's creating a file. Andrew, please note that your original idea of using open with O_EXCL in this case would not work (I went over the races very carefully) and so we must re-check deny modes *after* the open() call returns. This is because there is a race between the open with O_EXCL and the lock of the share mode entry. Imagine the case where the first smbd does the open with O_EXCL and a deny mode of DENY_ALL, but is pre-empted before it locks the share modes and creates the deny mode entry for DENY_ALL. A second smbd could then come in with O_RDONLY and a deny mode of DENY_NONE and the two opens would be allowed. The *only* way to fix this race is to lock the share modes after the open and then do the deny mode checks *after* this lock in the case where the file did not originally exist. This code will need extensive testing but seems to initially work. Jeremy. (This used to be commit ab0ecc39d688f16b9692fe90b991f0b89287070a)
2000-04-18updates from the TNG branchAndrew Tridgell1-10/+6
(This used to be commit 36fb5bc72fc6c0de719205ea34f497bfa0c4082f)
2000-04-12logic for domainsidsize is if size is zero, there's no sid, so don'tLuke Leighton1-1/+0
advance over it and 4-byte align. this _used_ to be "regardless of domainsidsize, advance by domainsidsize+3" which is wrong. (This used to be commit 5086e6425f3630d8f5ca1e25a333eb97fdf86e93)
2000-04-11include/byteorder.h: ALIGN4/ALIGN2 macros.Jeremy Allison1-3/+3
include/includes.h: Added SMB_BIG_UINT_BITS. lib/util.c: Removed align2/align4 - use macros. libsmb/namequery.c: Use ALIGN2. locking/locking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T. Needed to move to hiding POSIX locks at a lower layer. nmbd/nmbd_processlogon.c: Use ALIGN2/ALIGN4 macros. smbd/blocking.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T. smbd/reply.c: Replace do_lock, do_unlock, args with SMB_BIG_UINT, not SMB_OFF_T. Jeremy. (This used to be commit 491eea8a20bf80d426625479326211dc975857a6)
2000-04-11add a commentAndrew Tridgell1-1/+1
(This used to be commit 0da440c8fe365fd53c313e9dc62dda7e40916d62)
2000-04-11some updates to the process logon code to reflect lukes latestAndrew Tridgell1-20/+38
research plus some cleanups (This used to be commit 1682faa1b0e95fc5acdf9b10da80a6515f8772cd)
2000-04-11finally got sick of the "extern int Client" code and the stupidAndrew Tridgell1-1/+0
assumption that we have one socket everywhere while doing so I discovered a few bugs! 1) the clientgen session retarget code if used from smbd or nmbd would cause a crash as it called close_sockets() which closed our main socket! fixed by removing close_sockets() completely - it is unnecessary 2) the caching in client_addr() and client_name() was bogus - it could easily get fooled and give the wrong result. fixed. 3) the retarget could could recurse, allowing an easy denial of service attack on nmbd. fixed. (This used to be commit 5937ab14d222696e40a3fc6f0e6a536f2d7305d3)
2000-04-03Additional fix for nmbd and 127.0.0.1 interface.Jeremy Allison1-0/+12
Jeremy. (This used to be commit 715fa7ea8cf00d72c868bed420c28a29011f53a1)
2000-03-29Cause nmbd to ignore loopback interface when constructing its interface ↵Jeremy Allison1-0/+14
list. This is done by default when interfaces are probed, but if someone explicitly adds 127.0.0.1 to the interfaces line for smbd, then nmbd would start to try and register names on it. This was not good :-(. Jeremy. (This used to be commit cc3ad825214686ad03dd4176d0c55290d1de6221)
2000-03-28damn, the test was the wrong way around for short_resuestAndrew Tridgell1-1/+1
(This used to be commit 1ac46c40118fce9443141ce19506d124a873b73d)
2000-03-27changed the definition of dos_PutUniCodeAndrew Tridgell1-9/+4
the previous definition could result is us overflowing a buffer. The null termination was always added yet the size returned did not include the null termination. the new function takes a BOOL null_terminate, and always returns the total number of bytes consumed by the string. (This used to be commit 426c90433396a95033eefcc4af97603abc934221)
2000-03-27the final part of the nmbd merge between head and tng - this gets theAndrew Tridgell2-30/+38
GETDC stuff sorted out (This used to be commit f6b56ae93e47a54317f2711533ec8208d5cbc8a9)
2000-03-27fixed the hanlding of recursion desired when sending packets fromAndrew Tridgell1-23/+22
nmbd. It does NOT follow the rule that packets to the wins server have rec_des set (I know that we have postulated this in the past). Please don't screw with this unless you do careful testing from WinXX clients. Luke and I spent a couple of hours today getting this right (it was wrong in both TNG and HEAD) (This used to be commit 9eda2e27b74d95975e481d92930ef87de7006919)
2000-03-27rename static reload_services function to reload_nmbd_services becauseLuke Leighton1-6/+6
it clashes with other reload_services definitions. (This used to be commit affaf9c5411e533a77621574d356e886eea93465)
2000-03-26when doing a "secure nbns" wack response and check with owner for aAndrew Tridgell1-1/+4
multihomed registration we were sending the packet to the wrong host! We sent it to the person trying to register rather than to the person who currently holds the name. That means we were not secure and we could allow two people to register the same name. Jeremy, you may wish to merge this change into 2.0.X (This used to be commit 94ca1d1250d12918311a402cc689050ba1d06e24)
2000-03-26merge from tng ...Andrew Tridgell1-1/+1
reload services can be static (This used to be commit b13a903720a6ef789ee7d688c05be2e77584580e)
2000-02-23lib/system.c: Fixed gcc warnings.Jeremy Allison1-2/+2
nmbd/nmbd_processlogon.c: Use "True" and "False" instead of 1 and 0. Others - preparing for multiple pdu write code. Jeremy. (This used to be commit 9f879ec396230deba34fbe5e82d8a65f92137c54)
2000-02-22richard got the short request for GETDC right (hooray!) win9x _and_ ntLuke Leighton1-11/+24
now work. (This used to be commit 27ef1789267c7af70071ac9b1d216b4dd745578a)
2000-01-28Modified auto alignment of ud[] struct on stack to be declared as anJeremy Allison2-4/+4
array of pointers. This should cause alignment on a correct boundary.. Spotted by Darren Reed <darrenr@telnetmedia.com>. Jeremy. (This used to be commit 91f4d0675333d7c5d7bb5ff077faaf83e1fd9bfe)
2000-01-07this looks like a big commit, but it isn't really :)Andrew Tridgell15-63/+38
This fixes our netbios scope handling. We now have a 'netbios scope' option in smb.conf and the scope option is removed from make_nmb_name() this was prompted by a bug in our PDC finding code where it didn't append the scope to the query of the '*' name. (This used to be commit b563be824b8c3141c49558eced7829b48d4ab26f)
2000-01-05implemented talloc() as described on samba-technical. This fixes theAndrew Tridgell1-0/+3
lp_string() bug properly. we still need to add lp_talloc_free() calls in all the main event loops, I've only put it in smbd and nmbd thus far. (This used to be commit aa7f81552540f5dca2c146f5edd805611d5b390f)
2000-01-03added suppport for unexpected udp/138 packetsAndrew Tridgell1-9/+12
I also fixed up the lookup_pdc_name() code so that it now works, even with a NT server that insists on replying to udp/138. The method I used to match packets was to use the mailslot string as a datagram ID. The true dgm_id doesn't work as NT doesn't set it correctly. uggh. PS: Jeremy, I had to change your code quite a bit, are you sure this worked with a Samba PDC?? The code looked broken, it got the offsets wrong in the SMB portion of the packet and filled in the IP incorrectly. (This used to be commit 32f66f4ea63038cb4b3785bdf1762abdde076f5d)
2000-01-03got rid of mem_manAndrew Tridgell1-2/+0
yamd is much better, and doesn't require any source code changes if you haven't seen yamd then take a look at http://www3.hmc.edu/~neldredge/yamd/ its excellent! (This used to be commit 25b13f8b79d648188036f027f45bc78ec117cc88)
2000-01-03added the unexpected packet database (unexpected.tdb)Andrew Tridgell2-1/+7
this means "nmblookup -S" now always works, even with broken servers the database stores all unexpected replies and these can be accessed by any client. while doing this I cleaned up a couple of functions, and put in place a better trn_id generator. in most places the code got quite a bit simpler due to the addition of simple helper functions. I haven't yet put the code in to take advantage of this for pdc replies - that will be next. Jeremys pdc finding code will then work :) (This used to be commit 280e6359d36c9bc8dcded302f15c3a1db8e3feeb)
2000-01-02- added tdb_flags option to tdb_open()Andrew Tridgell2-16/+4
- added TDB_CLEAR_IF_FIRST flag to clear the database if this is the first attached process. Useful for non-persistent databases like our locking area (this will also make upgrades to new database layouts easier) - use lock_path() in a couple of places - leave connections database open while smbd running - cleaned up some tdb code a little, using macros for constants (This used to be commit 00e9da3ca577527db392aced62f02c69cfee8f4f)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell22-261/+484
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-01more cli_session_setup() calls. what the heck are these doing???Luke Leighton1-1/+1
they should all be replaced with cli_establish_connection(). created cli_use_wait_keyboard() which waits on multiple cli_states and swallows session keepalives. (This used to be commit fcc39b3f4f2f8d04d3fab09db048b4f3dc1e97d5)
1999-12-01sys_select added one more argument (read, write selectors).Luke Leighton1-1/+1
(This used to be commit e4d92ff9dfc51735e6932748f66a7c20b2c1cb6a)
1999-11-19- bug in nmbd registering DOMAIN_NAME<1c> to WINS server; recursionLuke Leighton2-8/+19
desired flag MUST be set in any NBT UDP packets sent to a WINS server, else they will go to the WINS client side of the NT NetBIOS kernel instead, and will get trashed. - added \PIPE\browser server-side code. (This used to be commit 8e406c1fa296c3f97b1cd7ddde7b5aeb9232b26e)
1999-11-18responses to UDP samquery go back to SERVER<00> not DOMAIN<1c>, theLuke Leighton2-9/+9
request name. modified createuser rpcclient command to examine name being added. if it ends in a $, assume that a workstation trust account is being added. (This used to be commit 4aea261cb0e5f34255ff83271eb5cadb0eb78bc9)
1999-11-18added regqueryval command (experimental) to get reg_io_q_info() andLuke Leighton1-0/+2
reg_io_r_info() working properly. previously they weren't well understood (well, they were the first of the registry functions i did, back in december 97, ok??? :-) set ntversion to 0x1 in SAMQUERY, so that we reply same as NT4 srv. (This used to be commit 98ddeaf442cb30972cb281bf0489a6e5f7eb2883)
1999-11-15- added DCE/RPC "fault" PDU support.Luke Leighton1-5/+21
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be re-enabled but to be replaced with a better mechanism. - added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is sending DCE/RPC over SMBwrite not SMBwriteX. (This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
1999-08-08Fix for Win95 not being able to find PDC (for User/Server Manager, andMatthew Chapman1-11/+14
password change requests), from Michael Stockman <pgmtekn@algonet.se>. GETDC on \MAILSLOT\NET\NETLOGON necessarily returns less information than the NTLOGON version. (This used to be commit 8a603a8793cb067cd06edc3d73d0b35c427ed5ed)
1999-04-11Trying to improve DC location & browsing performance for the average userMatthew Chapman2-5/+1
who doesn't know what an LMB or DMB is. * check_master_browser_exists now performs the check the first time around, so if there is indeed no master browser then Samba takes up the job much faster. * Upped default OS level to 32. There is no reason why some stupid little Windows box should become LMB instead of a Samba *server*. * "domain master" now defaults to "auto". Currently this attempts to become DMB iff Samba is the PDC (ala Windows NT). "preferred master" also defaults to "auto", which enables preferred master iff Samba is DMB. * lp_server_role now just returns the predetermined role, rather than working it out each time, since the server role is becoming very heavily used (esp for the BDC code). (This used to be commit 4a23a358b5ad8873acb7db11f27b87d2a016bec1)
1999-03-17SAMLOGON query - alignment issue is beginning to get to me.Luke Leighton1-0/+2
(This used to be commit baf55934dc5118f8c423fe05c0e4b8d7c018fa14)
1999-03-17alignment issue for UDP SAMLOGON response.Luke Leighton1-2/+2
(This used to be commit 9d01e9d86a8d22a283a8377a12bb175398547d78)
1999-03-09alignment issue in UDP SAMLOGON response.Luke Leighton1-3/+6
(This used to be commit de290627f06915d420d37d2a3ac2f736c4cf8d74)
1999-03-09mods to allow inter-domain trust accounts to be added to SAM databaseLuke Leighton1-51/+4
using smbpasswd command. (This used to be commit 62d499f83256c6e8b3308dc4bd8e9f5df873b14b)
1999-03-09oh dear, it's this one again. removed check for MAILSLOT\NTLOGON becauseLuke Leighton1-14/+12
it's wrong. i've seen a packet from nt client on MAILSLOT\NETLOGON with appended undocumented unicode tacked on the end and the response contained undocumented unicode tacked on the end. (This used to be commit 74c7d626cd85189c902489d220c3eca30a4b1bb1)
1999-02-15Always null-terminate strings.Matthew Chapman1-7/+7
Also some string length and sizeof(pointer) corrections. (This used to be commit ce24191939b82985d09eabe945199f38b0fea486)
1999-02-12UNICODE cleanup (see lib/util_unistr.c).Matthew Chapman1-20/+21
No more ugly static library buffers and all functions take a destination string length (especially unistrcpy was rather dangerous; we were only saved by the fact that datagrams are limited in size). (This used to be commit a1d39af1ce1d451b811dbd7c2ba391214851b87e)
1998-12-17Fix bug with nmbd running wild due to recursion in ↵Jeremy Allison2-9/+27
retransmit_or_expire_response_records(). Jeremy. (This used to be commit d5f05b4faef50e7cfc0ed05a87d92e14102106c6)
1998-12-09oops, util_pwdb.c appears to be included in PASSDB_OBJ not LIB_OBJ.Luke Leighton1-1/+1
(This used to be commit ca10eb44909e66a07dc7f88b0a740390f9ec3922)
1998-12-09need to initialise global_myworkgroupLuke Leighton1-0/+5
(This used to be commit 501617307f3b9bbad76406d00b1bc82f5cb479a6)
1998-12-09removed the SID stuff from the head branch as well.Andrew Tridgell2-35/+5
This allows the removal of PASSDB_OBJ, RPC_CLIENT_OBJ and RPC_PARSE_OBJ from nmbd in the head branch. so nmbd just went on a diet :) (This used to be commit be697c9ef00f1b6366228dcdd3983d68158dd94f)
1998-12-03jean-f spotted race condition on generation of sam sid, from startingLuke Leighton1-1/+1
nmbd and smbd. nmbd is now client: smbd is solely responsible for creating sam_name.SID (This used to be commit 50fa4822df679b4d54b5a868179594ec087e811f)
1998-12-01rpc_samr.h parse_samr.c srv_samr.c :Luke Leighton1-1/+1
samr_query_aliasmembers (cool!) util_pwdb.c sids.c nmbd.c server.c smbpasswd.c swat.c : pwdb_initialise(BOOL is_server) now creates / reads DOMAIN_NAME.SID if is_server is True, and does LsaQueryInfoPolicy(levels 3 and 5) to obtain member and pdc sids. (This used to be commit 3e1eb4f26b67e484b05e1dde94fd4e4dae982631)
1998-11-29weekend work. user / group database API.Luke Leighton1-14/+15
- split sam_passwd and smb_passwd into separate higher-order function tables - renamed struct smb_passwd's "smb_user" to "unix_user". added "nt_user" plus user_rid, and added a "wrap" function in both sam_passwd and smb_passwd password databases to fill in the blank entries that are not obtained from whatever password database API instance is being used. NOTE: whenever a struct smb_passwd or struct sam_passwd is used, it MUST be initialised with pwdb_sam_init() or pwd_smb_init(), see chgpasswd.c for the only example outside of the password database APIs i could find. - added query_useraliases code to rpcclient. - dealt with some nasty interdependencies involving non-smbd programs and the password database API. this is still not satisfactorily resolved completelely, but it's the best i can do for now. - #ifdef'd out some password database options so that people don't mistakenly set them unless they recompile to _use_ those options. lots of debugging done, it's still not finished. the unix/NT uid/gid and user-rid/group-rid issues are better, but not perfect. the "BUILTIN" domain is still missing: users cannot be added to "BUILTIN" groups yet, as we only have an "alias" db API and a "group" db API but not "builtin-alias" db API... (This used to be commit 5d5d7e4de7d1514ab87b07ede629de8aa00519a1)
1998-11-17Added the same open()/fopen()/creat()/mmap() -> sys_XXX calls.Jeremy Allison4-6/+6
Tidied up some of the mess (no other word for it). Still doesn't compile cleanly. There are calls with incorrect parameters that don't seem to be doing the right thing. This code still needs surgery :-(. Jeremy. (This used to be commit 18ff93a9abbf68ee8c59c0af3e57c63e4a015dac)
1998-11-17- group database API. oops and oh dear, the threat has been carried out:Luke Leighton1-3/+3
the pre-alpha "domain group" etc parameters have disappeared. - interactive debug detection - re-added mem_man (andrew's memory management, detects memory corruption) - american spellings of "initialise" replaced with english spelling of "initialise". - started on "lookup_name()" and "lookup_sid()" functions. proper ones. - moved lots of functions around. created some modules of commonly used code. e.g the password file locking code, which is used in groupfile.c and aliasfile.c and smbpass.c - moved RID_TYPE_MASK up another bit. this is really unfortunate, but there is no other "fast" way to identify users from groups from aliases. i do not believe that this code saves us anything (the multipliers) and puts us at a disadvantage (reduces the useable rid space). the designers of NT aren't silly: if they can get away with a user- interface-speed LsaLookupNames / LsaLookupSids, then so can we. i spoke with isaac at the cifs conference, the only time for example that they do a security context check is on file create. certainly not on individual file reads / writes, which would drastically hit their performance and ours, too. - renamed myworkgroup to global_sam_name, amongst other things, when used in the rpc code. there is also a global_member_name, as we are always responsible for a SAM database, the scope of which is limited by the role of the machine (e.g if a member of a workgroup, your SAM is for _local_ logins only, and its name is the name of your server. you even still have a SID. see LsaQueryInfoPolicy, levels 3 and 5). - updated functionality of groupname.c to be able to cope with names like DOMAIN\group and SERVER\alias. used this code to be able to do aliases as well as groups. this code may actually be better off being used in username mapping, too. - created a connect to serverlist function in clientgen.c and used it in password.c - initialisation in server.c depends on the role of the server. well, it does now. - rpctorture. smbtorture. EXERCISE EXTREME CAUTION. (This used to be commit 0d21e1e6090b933f396c764af535ca3388a562db)